May 26, 2017

APM 12.1.2 EHF 271 OPSWAT Mac File Check Issues

I have an access policy that I'm having issues with.


I had to update APM to 12.1.2 with engineering hotfix 271. When I updated it, OPSWAT v4 was installed inadvertently. As soon as it was installed, any user in my company with McAfee Endpoint Encryption v6.x could not get past the HD Encryption check. I ran the OESIS Diagnostic tool on their computers and it did not detect any HD Encryption software. Users that have BitLocker work just fine. I was able to get around this by setting up a process check coming off of the fallback branch of the HD Encryption macro, and everything is fine for Safeboot/Endpoint Encryption 6.x users (about 1500).


I have some other users with Mac OS 10.12.5 that are unable to pass the client check. This is a bug in the version of the OPSWAT SDK that is installed (4.2.1067.0). There's also an issue with Mac Endpoint Security 10.x. I was going to try to get around the issue for now by checking that the files exist for the endpoint encryption and the endpoint security processes.


I put the files in a Mac file check but it is still failing to see them. The files are:


/Library/Application Support/JAMF/JAMF.keychain for JAMF, and /Library/Application Support/JAMF/status.0 for FileVault.


Does anyone out there with Mac experience have the ability to check to see if that is correct? The only thing I can think of is that it needs a ~ in front of /Library. If I remove the check altogether it works.


The other issue Mac users are having is that they keep getting disconnected right when they log in. Their log files show this:


1106,1106,edge, 48, , 143, TunnelController, Tunnel Server, Connecting state
1106,1106,edge, 2, , 171, TunnelController, Disconnected state, Error code, Routing table cannot be patched
1106,1106,edge, 48, , 183, ConnectivityService, activeServices, Service is active, en5
1106,1106,edge, 48, , 183, ConnectivityService, activeServices, Service is active, en0
1106,1106,edge, 48, , 183, ConnectivityService, activeServices, Service is active, awdl0
1106,1106,edge, 48, , 84, DoRequest, DoRequest, cancel
1106,1106,edge, 48, , 165, TimerController, TimerController, Captive Network Not Detected
1106,1106,edge, 48, , 77, TimerController, Timer Controller, Activated
1106,1106,edge, 48, , 80, TimerController, Timer Controller, Timer Activated (interval: 10 secs)
1106,1106,edge, 48, , 124, TimerController, Timer Controller, Deactivated
1106,1106,edge, 48, , 330, SvpnHandler::StopSvpn, TunnelService, Cannot open pid file, svpn already closed

Does anyone know why this would be happening? F5 support suggested adding a split tunnel entry of to their network access profile, but I don't know if that will help.


    We experienced similar disconnect issues on the MacBook Pro with the Touch Bar (the Touch Bar shows up as en5). Adding the split tunnel entry of did work for us. Also, setting IPv6 to "Link-local only" worked.
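
As an added example (not part of the original posts and not F5 code), the Python below pulls the tunnel error and the active network services out of the log excerpt in the question, so the en5 interface mentioned in the reply can be seen next to the routing-table failure when triaging logs from many users. The column meanings are not documented in the thread: treating the seventh field as the component and the fields after it as message text is an assumption, and the function names are hypothetical.

```python
# Log excerpt copied from the question above.
SAMPLE_LOG = """\
1106,1106,edge, 48, , 143, TunnelController, Tunnel Server, Connecting state
1106,1106,edge, 2, , 171, TunnelController, Disconnected state, Error code, Routing table cannot be patched
1106,1106,edge, 48, , 183, ConnectivityService, activeServices, Service is active, en5
1106,1106,edge, 48, , 183, ConnectivityService, activeServices, Service is active, en0
1106,1106,edge, 48, , 183, ConnectivityService, activeServices, Service is active, awdl0
1106,1106,edge, 48, , 84, DoRequest, DoRequest, cancel
1106,1106,edge, 48, , 330, SvpnHandler::StopSvpn, TunnelService, Cannot open pid file, svpn already closed
"""


def parse_line(line):
    """Split one client log line into (component, message_parts).

    Assumption: the seventh comma-separated field names the component and
    every field after it is message text. Lines that are too short to fit
    that layout return None instead of raising.
    """
    fields = [f.strip() for f in line.split(",")]
    if len(fields) < 8:
        return None
    return fields[6], fields[7:]


def summarize(log_text):
    """Collect tunnel error messages and the services reported as active."""
    errors, interfaces = [], []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        component, parts = parsed
        if component == "TunnelController" and "Error code" in parts:
            # The text after the "Error code" marker is the reason.
            reason = ", ".join(parts[parts.index("Error code") + 1:])
            errors.append(reason or "(no reason logged)")
        elif component == "ConnectivityService" and "Service is active" in parts:
            # The last field is the interface name (en0, en5, awdl0, ...).
            interfaces.append(parts[-1])
    return {"errors": errors, "active_interfaces": interfaces}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```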